Recommended Posts

**Update November 2017 - These instructions are for users running Passwordstate 7 - New instructions and a new video on on how to set up the Remote Session Launcher for Passwordstate 8 are coming soon**

Purpose:

This post will guide you through the process of setting up the Remote Session Launcher for a Windows Machine

How Do I Do This?

Step 1 - Add a Windows Host into Passwordstate. You can do this manually, or they can be added via a Discovery process. For this tutorial, we'll add one manually.

Click Hosts -> Hosts and Resources

Click Add

Enter the Fully Qualified Domain Name of your machine, and select its Operating System. Ensure RDP is selected, and Port 3389 is the correct value. Click Save to add the Host.

Step 3 - Add a Password Record into Passwordstate, of a user that has permissions to remote into Hosts on your network. Ensure you set the account type as Active Directory, the user name in the format of Domain\Username and you set the password to what the current password is in Active Directory

Step 4 - Set up a Remote Session Credential and give yourself permission to use it. Link it to the Password Record you set up in Step 3.

Click Preferences -> Remote Session Credentials

Click Add

Give your Remote Session Credential Query a Description, and Link it to the correct Password Record. Click Save when done

Run the Passwordstatelauncher.exe once it has downloaded, and click Next at the Welcome screen

Leave the default installation path and click Next

Enter in your Passwordstate URL and click Next

Click Next

Click Finish

Step 6 - Configure the Browser Support for RDP Sessions

Click Preferences -> Remote Session Credentials -> Configure Browser Support -> RDP Sessions. When clicking this you will get a slightly different Web Page pop up, depending on which browser you are using. Ensure you click the Allow button and tick the option to remember this setting permanently. Close down any windows once this is complete

Step 7 - Launch a Session

Click Tools -> Remote Session Launcher, and search for the Host you added

Or you can launch it from your Passwords Home Screen, if you have the Recent Hosts, or Search Hosts grid view on

For troubleshooting Remote Session Launcher in the scenario it is not working, please try Section 6: Troubleshooting in the Remote Session Launcher Guide

If you are still having issues, please contact Click Studios on support@clickstudios.com.au

Share this post

Link to post

Share on other sites

I hope my question fits here. In the following picture you can put down the AD user credentials that are used to connect to a domain host, which is a windows machine. As in everywhere else, we have a policy that users must change their domain password each 3 months. Does that mean that after he will change its domain password, he has to manually go to each password record in the PasswordState and then update them? Or the PasswordState will understand that the password in the password list does not match with the one in AD and then it (PasswordState) will automatically updates with the new password from AD?

p.s. why the option "Show 'Active Directory Actions' options for Active Directory accounts" is only available to Shared Password Lists?

Share this post

Link to post

Share on other sites

If you are resetting passwords in AD directly, then this will cause issues with this feature, as the passwords will be out of sync.

We instead recommend that you use Passwordstate to update the AD account passwords, and then everything will work fine. When doing this, changes to passwords can be done manually whenever needed, or you can set a schedule to do this automatically.

If you go to the Help Menu in Passwordstate, then User Manual -> KB Articles ->Password Resets, there is a article titled 'Resetting Active Directory Passwords' which will guide you through this process.

Regards

Click Studios

Share this post

Link to post

Share on other sites

Do you plan on having some sort of option to enable bi-directional flow for that? Usually what happens, that users to don't track how much time they have left until the password change. They come to work, open the machine and they get pop-up that it's time to change AD password and they do. So if there would be an option to enable the password record in the PasswordState to be pushed from AD to PasswordState would be great

Lastly, perhaps you missed my last question or you forgot to answer, but why the option "Show 'Active Directory Actions' options for Active Directory accounts" is only available in Shared Password Lists?

Share this post

Link to post

Share on other sites

It's not possible to have a bi-directional flow unfortunately, as Microsoft do not allow you to decrypt AD passwords.

And sorry, I did miss your other question. Currently we do not allow Private Password Lists to have the option set to Reset Passwords in other systems - which this Show Active Directory Actions feature requires. We had quite a bit of feedback that having hidden Password Lists being able to make password reset changes everywhere was not a good idea.